Distributed file sharing system and a file access control method of efficiently searching for access rights

ABSTRACT

With a shared index information file in a file sharing index manager, a distributed file system controls access to files based on access right obtained from the index information. Even when a host terminal operated by a user does not have directory information required, that host terminal may obtain an access right from the file sharing index manager without making access to the host terminals. The host terminals perform local management via file sharing managers to minimize accesses to the host terminals which are required until processing is completed.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention generally relates to a distributed filesharing system. More particularly, the present invention relates to adistributed file sharing system advantageously applicable to adistributed file system that has a plurality of terminals distributedon, and connected to, a network and that allows the terminals to sharefiles to build a single virtual file system. In addition, the inventionalso relates to a file access control method of dealing with such adistributed file system as a virtual file system, advantageouslyapplicable to the access control of the directories or files in the filesystem

[0003] 2. Description of the Background Art

[0004] On a computer terminal used as a host terminal, an access controllist provided as one of OS (Operating System) functions is usually usedfor the file access control method. In the UNIX (trademark) system thatis one of the operating systems, there are three classes of users forevery file and directory: owner, owner group, and other users. For eachof those classes, three types of access permission, read, write andexecute, are assigned for controlling access to files. When a remoteterminal uses the host terminal over a network, the host terminalexamines an account of the user stored therein to check if the remoteterminal has access permission for the files or directories.

[0005] From the standpoint of access control, a method is proposed forbalancing or reducing the load that would otherwise be increased when aplurality of host terminals share a file server. Japanese patentLaid-Open Publication No. 120063/1999 discloses a shared file system ina distributed system eliminating the load of file management calculationand preventing file data from being transferred via a network toincrease processing speed.

[0006] Japanese Patent Laid-Open Publication No. 305470/1997 discloses ashared file management device which monitors the status of shared filesand the file storing means. Based on the monitoring result, the systemmanager reviews the arrangement or multiplexing of shared files and,based on the review, the file access control moves or multiplexes sharedfiles to increase operation efficiency. Japanese Patent Laid-OpenPublication No. 77054/1996 discloses a distributed file system in whicheach of server computers on a computer cluster, where a plurality ofcomputers are networked, has the divided-file creation and deletionparts to create and delete a plurality of divided-files corresponding todistributed files, respectively. The distributed file management partsends out divided-file reference/update distribution information to aclient computer before making a reference/update request to adistributed file. In response to this information, the reference/updaterequest distribution part determines the location of the divided-file,in which a record index is stored for specifying the reference/updaterequest, to efficiently distribute the load even when processingrequests are received at a time.

[0007] In addition, Japanese Patent Laid-Open Publication No.332782/1994 teaches a file server system, in which a plurality of fileservers are provided on a network and each file server accesses its ownfile storage device. In this system, the file access request distributorreferences the load status of each file server, measured by the loadinformation monitor, to select a file server to be accessed, in order tocontrol file management. The file access request distributor issues afile access request under the corresponding communication controlaccording to whether the selected file server is its own server or oneof other servers. In particular, the file access request distributorselects a lightly loaded file server at write time to prevent accessrequests from concentrating on a particular file server. The fourproposals described above are made from the standpoint of accesscontrol. They are essentially different from a technology that grantsaccess rights to control file access.

[0008] A distributed file sharing system will be discussed below inwhich a plurality of host terminals are distributed on a network to forma single virtual file system. In general, a large problem with such adistributed file system is how access right should be integrated in thesystem. More specifically, in such a distributed file system, one hostterminal controls the operation of the access right management server.In this case, the application of the file access method used in the UNIXsystem described above, in which the access right is checked of alldirectories and files included in a file path, would cause thedistributed file system to check both the directories and the filesduring file access right checking. This requires an extremely longsearch period of time and sometimes becomes unrealistic.

[0009] A file search in a distributed file sharing system, where theconcept of file sharing is introduced, requires the system to check theapplication-level access right of the directories and files of all filepaths satisfying the search condition. It is therefore estimated thatthe distributed file sharing system will require a still longer searchperiod of time.

[0010] A distributed file sharing system, which is treated virtually asa single file system as described above, makes it possible for a copy ofa file in one host terminal to be cached into another host terminal.Because of this cache function, the access right checking of a hostterminal file, once accessed and obtained, need not be made via thenetwork unless the file is deleted. Regardless of this function, thehost terminal issues an inquiry to the access right management servervia the network when checking the access right of the file alreadystored in the terminal. This nullifies the significance of file cachingin the host terminal.

SUMMARY OF THE INVENTION

[0011] It is an object of the present invention to provide a distributedfile sharing system and a file access control method with a reducedsearch period of time for checking access rights and increased fileoperation efficiency.

[0012] In accordance with the present invention, a distributed filesharing system comprises terminals acting as host terminals connected toa network and managing files, each of which contains a collection ofdata, stored below directories each indicating a position in ahierarchical structure, wherein at least one of the host terminals actsin the network as a global management functional block managing allindex information, the index information including access rightinformation representative of right to access directories and filesrelating to sharing, each of the host terminals including a file sharingmanagement functional block managing the files and the directoriesshared by the host terminals, as well as the files locally for each hostterminal, the file sharing management functional block setting andmanaging the access right information on directories used in managingthe files.

[0013] The distributed file sharing system in accordance with thepresent invention stores the index information on shared files in theglobal management functional block to manage access right based on theindex information. Therefore, even when there is no required directoryinformation on a host terminal on which the user is operating, thesystem allows the host terminal to easily obtain access right from theglobal management functional block without making access to the hostterminals and to perform local management via the file sharingmanagement functional block.

[0014] Further in accordance with the invention, a method of controllingaccess to files in a distributed file sharing system comprises the stepsof: preparing host terminals connected to a network and managing files,each of which contains a collection of data, stored below directorieseach indicating a position in a hierarchical structure; receiving by oneof the host terminals an operation request for information on either oneof the directory and the file; issuing an access request to a target tobe managed in response to the operation request from the one hostterminal; checking, in response to the access request, whether or not auser has an access right to access the target right to issue the accessrequest based on collectively managed access rights; processing theinformation associated with the access request when the user has theaccess right; issuing a response, when the user does not have the accessright, indicating that the processing requested by the access requestwill not be performed; processing index information including the accessright for each of the host terminals as the target to be managed; andproviding the host terminal operated with a response signal associatedwith the index information processed.

[0015] Before a directory or a file is operated, the file access controlmethod in accordance with the present invention checks access right thathas been set up and checks whether or not access to an operation targetis permitted. As compared with the file search operation executed atindividual application level, the method according to the inventionrequires less search period of time.

BRIEF DESCRIPTION OF THE DRAWINGS

[0016] The objects and features of the present invention will becomemore apparent from consideration of the following detailed descriptiontaken in conjunction with the accompanying drawings in which:

[0017]FIG. 1 is a schematic block diagram showing the generalconfiguration of a distributed file system to which applied is adistributed file sharing system according to the present invention;

[0018]FIG. 2 is a diagram showing the general configuration of a hostterminal, which is included in the host terminals shown in FIG. 1, thatperforms file sharing index management;

[0019]FIG. 3 is also a schematic block diagram showing the generalconfiguration of a host terminal, included in the host terminals shownin FIG. 1, that performs user information management;

[0020]FIG. 4 is a schematic block diagram, like FIG. 2, showing thegeneral configuration of a general host terminal, included in the hostterminals shown in FIG. 1, that performs file sharing management;

[0021]FIGS. 5A and 5B schematically show file management in a hostterminal shown in FIG. 1;

[0022]FIGS. 6A and 6B schematically show file management in another hostterminal shown in FIG. 1;

[0023]FIGS. 7A and 7B schematically show file management and indexinformation management in still another host terminal shown in FIG. 1;

[0024]FIG. 8 shows the data items included in the directory informationof a directory in a host terminal shown in FIG. 1;

[0025]FIG. 9 shows an access control list that is one of items of thedirectory information shown in FIG. 8;

[0026]FIG. 10 shows the data items included in the file information of afile in a host terminal shown in FIG. 1;

[0027]FIGS. 11A and 11B schematically show file management after a filehas been acquired in the host terminal shown in FIG. 5;

[0028]FIG. 12 is a flow chart useful for understanding an access rightchecking procedure in the distributed file system shown in FIG. 1;

[0029]FIG. 13 is also a flowchart useful for understanding a userauthentication procedure executed when directory information is updatedin the distributed file system shown in FIG. 1;

[0030]FIG. 14 is a sequence diagram schematically showing the basicoperation on a directory and a file in the distributed file system shownin FIG. 1;

[0031]FIG. 15 is also a sequence diagram schematically showing the basicoperation when an event notification is issued in the distributed filesystem shown in FIG. 1; and

[0032]FIG. 16 is a sequence diagram schematically showing the filesearch and acquisition operations in the distributed file system shownin FIG. 1.

DESCRIPTION OF THE PREFERRED EMBODIMENT

[0033] With reference to the accompanying drawings, a preferredembodiment of a distributed file sharing system according to the presentinvention will be described in detail. In this embodiment, thedistributed file sharing system according to the present invention isapplied to a distributed file system 10 that works as a virtual filesystem. From the drawings and description, the parts are omitted whichare not related directly to the understanding of the present invention.In the description below, signals are referenced with reference numeralsallotted on connections over which the signals are transferred.

[0034] In the distributed file system 10, a plurality of host terminals12, 14, 16, 18, 20 and so on are connected to a network 100 as shown inFIG. 1. The host terminal 12 comprises a file sharing index managementfunctional unit or manager 120 and an index information file 1244. Thehost terminal 14 comprises a user information management functional unitor manager 140 and a user information file 1444. The host terminals 16and 18 comprise a pair of a file sharing management functional unit ormanager 160 or 180 and a data file 1644 or 1844, respectively. The hostterminals 20 depicted with dot-and-dashed lines are also one of threetypes of host terminal.

[0035] The following describes the configuration of each host terminal.The host terminal, 12, 14, 16, 18, and so on, comprises a terminal unit,12 a, 14 a, 16 a, 18 a, and so on, and a peripheral unit, 12 b, 14 b, 16b, 18 b, and so on, respectively. As shown in FIG. 2, the terminal unit12 a of the host terminal 12 comprises a CPU (Central Processing Unit)120 a, memory 122, storage 124, and network interface 126. Theperipheral unit 12 b comprises a display 128, a keyboard 130, and amouse 132 used as a pointing device. The peripheral unit 12 b isconnected to the terminal unit 12 a via signal lines 134, 136 and 138.

[0036] The storage 124 comprises a hard disk drive unit (HDD). Thestorage 124 includes two storage areas: program storage area 124Pcorresponding to the file sharing index management functional unit 120and data storage area 124D. The program storage area 124P contains afile sharing index management program 1240 and an operation interfaceprocessing program 1242. The file sharing index management program 1240manages the index information file 1244 provided for all files anddirectories shared by the host terminals 12, 14, 16, 18, and so onconnected to the network 100. The data storage area 124D contains theindex information file 1244 containing index information on all sharedfiles and directories.

[0037] The network interface 126 functions as a connection interfacewith the network 100. The host terminal 12 is connected to the network100 via the network interface 126. The distributed file system 10, whichalso includes other host terminals 14, 16, 18, and so on, builds asingle virtual file system.

[0038] As shown in FIG. 3, the terminal unit 14 a of the host terminal14 comprises a CPU 140 a, a memory 142, a storage 144, and a networkinterface 146. The peripheral unit 14 b comprises a display 148, akeyboard 150, and a mouse 152. The peripheral unit 14 b is connected tothe terminal unit 14 a via signal lines 154, 156, and 158.

[0039] The storage 144 comprises also an HDD that includes two storageareas: program storage area 144P corresponding to the user informationmanagement functional unit 140 and data storage area 144D. The programstorage area 144P contains a user information management program 1440and an operation interface processing program 1442. The user informationmanagement program 1440 manages the user information file 1444containing information on the host terminals 12, 14, 16, 18, and so onconnected to the network 100. The user information file 1444 contains,for example, user IDs (Identifier) identifying users and securityinformation such as passwords. The data storage area 144D contains theuser information file 1444.

[0040] The user information management functional unit 140 can group theuser information in the user information file 1444 based on definitioninformation. Because the definition information may be set out invarious ways, the user may belong to a plurality of groups. When theuser uses the operation interface, the user information managementfunctional unit 140 authenticates the user. More specifically, when theuser enters the user ID and security information through the keyboard atlogin time into the host terminal, the entered information is comparedwith the user information in the user information file 1444 toauthenticate the user.

[0041] More specifically, the user information refers to a user ID,security information, and the like. The user information managementfunctional unit 140 checks the result of this authentication and permitsonly an authorized user to perform operation. At this time, theoperation interface processing program of the corresponding hostterminal is loaded into the memory 142 and acts as an operationinterface processing functional unit 142 a to accept operations.

[0042] The network interface 146 functions as a connection interfacewith the network 100. For the host terminals 12, 16, 18, and so on thathave neither the user information management functional unit 140 nor theuser information file 1444, the host terminal 14 receives a user ID andsecurity information from the host terminals 12, 16, 18 and so on viathe network interface 146 and returns the authentication result to thoseterminals. Whether the user may access the system depends on thereturned result.

[0043] The host terminal 14 may include the file sharing managementfunctional unit not shown. This functional unit will be described later.

[0044] As shown in FIG. 4, the terminal unit 16 a of the host terminal16 comprises a CPU 160 a, a memory 162, a storage 164, and a networkinterface 166. The peripheral unit 16 b comprises a display 168, akeyboard 170, and a mouse 172. The peripheral unit 16 b is connected tothe terminal unit 16 a via signal lines 174, 176, and 178.

[0045] The storage 164 comprises an HDD that includes two storage areas:program storage area 164P corresponding to the file sharing managementfunctional unit 160 and data storage area 164D. The program storage area164P contains a file sharing management program 1640 and an operationinterface processing program 1642. The file sharing management program1640 manages files according to the processing to be executed for thedata files 1644 and 1844 that are specified as shared by the hostterminals 16, 18, and so on connected to the network 100. The data file1644 in the data storage area 164D contains, for example, directoryinformation and file information.

[0046] The file sharing management functional unit 160 allows the userto locally execute the file or directory operation function. At the sametime, the file sharing management functional unit 160 works with thefile sharing index management functional unit 120, user informationmanagement functional unit 140, and file sharing management functionalunit 180 in the other host terminals 12, 14, 18, and so on. As will bedescribed later, the file or directory operation function includes thestoring function, search function, acquisition function, read function,update function, and delete function.

[0047] In the distributed file system 10, the host terminals 18 and soon are distributed, which have the configuration similar to that of thehost terminal 16. The host terminal 18 has the file sharing managementfunctional unit 180.

[0048] Next, information stored in the data storage areas 164D, 184D,and 124D used in the distributed file system 10 will be described. Thehost terminal 16 has the data file 1644 in the data storage area 164D.As shown in FIG. 5A, the data file 1644 contains directory information Pon the directory “/P” and a file 164A (=“P/A”). The file 164A is onefile that contains both file information A and a file 164 a. Thedirectory “/P” and the file 164A are manipulated through an operationinterface processing functional unit 162 a implemented by loading theoperation interface program into the memory 162 and are created andstored by the file sharing management functional unit 160.

[0049] Note that the file 164 a is not a file whose path is representedby “/P/A” in the OS used on the host terminal 16. The operationinterface processing functional unit 162 a, when used to display thefiles managed by the file sharing management functional unit 160,displays the directory “/P” and the file 164A in the tree structureformat as shown in the local view in FIG. 5B.

[0050] Similarly, the host terminal 18, which includes the file sharingmanagement functional unit 180, has directory information Q and R in thedata storage area in FIG. 6A. A file 184B relates file information Bwith file 184 b, and a file 184C relates file information C with a file184 c, respectively. More specifically, the files are managed using therelations represented by the directories “/Q” and “/Q/R” and files“/Q/184B” and “Q/R/184C”. The directories and files described above aremanipulated through an operation interface processing functional unit182 a and are created and stored by the file sharing managementfunctional unit 180. Note that the files 184 b and 184 c are not fileswhose paths are represented by “/Q/184B” and “/Q/R/184C” in the OS usedon the host terminal 18. The operation interface processing functionalunit 182 a, when used to display the files managed by the file sharingmanagement functional unit 180, displays the directory “/Q” and the file184B belonging to that directory, and the directory “/Q/R” and the file184C belonging to that directory, in the tree structure format as shownin the local view in FIG. 6B.

[0051] As shown in FIG. 7A, the host terminal 12 uses the file sharingindex management functional unit 120 to integrally manage all directoryinformation P, Q, and R and file information A, B, and C used in thedistributed file system 10. This directory and file information, calledindex information, is stored in the index information file 1244. Whenthe index information file 1244 is displayed as a global view undermanagement of the file sharing index management functional unit 120, theindex information file 1244 containing directory information and fileinformation is displayed as a virtual tree structure. As shown in FIG.7B, this tree structure indicates the relation between a directory andfile information as follows: directory “/P”—file information A,directory “/Q”—file information B, and directory “/Q/R”—file informationC.

[0052] The following describes the directory information and the fileinformation described above. As shown in FIG. 8, the directoryinformation is composed of a key 40, directory name 42, directory updatedate 44, owner 46, termination date 48, publication date 50, and accessright 52. The key 40 is a value, for example, a value indicating thedirectory. The directory name 42 is the virtual directory path name inthe distributed file system 10. The directory update date 44 isinformation on the date on which the directory was updated last. Theowner 46 is the owner name that is the creator of the directory. Onlythe owner and the system administrator (admin) may update the directoryinformation.

[0053] The directory information includes a termination date 48 and apublication date 50 that specify the date before or after which thesearch of the directory information cannot be made. The termination date48 is the effective search period termination date after which thesearch of this directory cannot be made. The publication date 50 is theeffective search period start date before which the search of thisdirectory cannot be made. The access right 52 includes an access controllist.

[0054] The access control list associates user names or group names withaccess rights as shown in FIG. 9. User names and group names are thosestored in the user information file 1444 by the user informationmanagement functional unit 140. The access rights include a read (R)right, write (W) right, and read/write (RW) right. One of these threerights is made to correspond to a user name or a group name. The lengthof the access control list is variable. The access rights will bedescribed later more in detail.

[0055] The file information includes a key 60, file name 62, file updatedate 64, owner 66, termination date 68, publication date 70, and filestatus 72 as shown in FIG. 10. The description of an item included inthe file information that has the same name as that of an item includedin the directory information is omitted here because its definition isthe same. The file name 62 is a virtual file path name, and the owner 66is the name of a user who stored the file. The file status 72 is anidentifier indicating whether the file is an original file or a cachedfile, that is, a copied file.

[0056]FIGS. 11A and 11B show file sharing management when the hostterminal 16 acquires or copies the file 184B by caching it from the hostterminal 18. When the file is acquired, the directory information Q andthe file 184B are added to the data storage area 164D of the hostterminal 16 as shown in FIG. 11A. The file 184B includes the fileinformation B and the file 184 b. The cached information is shaded inthe figure. Therefore, when the user uses the operation interfaceprocessing functional unit 162 a to display the files managed by thefile sharing management functional unit 160, the local view is displayedin which the file 164A is displayed below the directory “/P” and thefile 184B is displayed below the directory “/Q”. In the figures, thefile 184B is shaded to indicate that the file is a cache i.e. copiedfile.

[0057] Next, the access rights to directory information will bedescribed. For example, the R right to the directory P is the right tothe directory P that is granted to the file sharing managementfunctional unit of a host terminal. This right includes the followingthree rights: the first is the right to read out a file name directlybelow the directory P, the second is the right to search/acquire/read afile directly below the directory P, and the third is the right to readout a directory name directly below the directory P. The acquisitionprocessing described above refers to the creation of the cache copy of afile that has been read out while the read processing refers to the readprocessing in which data is read out from a file.

[0058] The W right to the directory P is the right to the directory Pthat is granted to the file sharing management functional unit of a hostterminal. This right includes the following four rights: the first isthe right to create a new directory directly below the directory P, thesecond is the right to delete a directory directly below the directoryP, the third is the right to add a new file directly below the directoryP, and the fourth is the right to update/delete a file directly belowthe directory P. Note that a cache file cannot be updated.

[0059] The distributed file system 10 provides a system administratorwith the account “admin” that has the RW right to all directories. Theowner of a directory has the RW right to the directory the owner owns.

[0060] Next, the access right checking procedure will be described.Before executing a directory or a file operation, an access right checkis made as to if the user is allowed to access the directory or thefile. First, the user is checked as to if he or she is a systemadministrator as shown in FIG. 12, step S10. This is done by checkingwhether or not the user ID is admin that is system administrator'saccount. If the user ID is admin that is the account of a systemadministrator (YES), the user is given the access right to alldirectories and files, step S12. The access right RW is given in thiscase. After this checking, control is passed to the end step.

[0061] If the user account is not admin that is the system administratoraccount (NO), information on all groups to which the user belongs in thedistributed file system 10 is obtained, step S14. This group informationmay be obtained from the user information file 1444 by running the userinformation management functional unit 140 of the host terminal 14 whenthe user logs in the user's host terminal.

[0062] Then, a check is made if, on the host terminal on which the useris performing operation, there is the parent directory information onthe directory or the file the user is going to access, step S16. Ifthere is no parent directory information (NO), the host terminal onwhich the user is performing operation obtains parent directoryinformation from the index information file 1244 via the file sharingindex management functional unit 120 of the host terminal 12, step S18.

[0063] When the host terminal has the parent directory information orafter the host terminal has obtained the parent directory information,it references the access control list included in the parent directoryinformation to check the access rights, step S20.

[0064] Then, a check is made if the access rights obtained as a resultof checking contain at least one entry that permits the host terminal toaccess the directory or the file, step S22. If there is such an entry(YES), the host terminal is permitted to access the directory or file inaccordance with the permission (permitted), step S24. If there is notsuch an entry (NO), the host terminal is inhibited from accessing thedirectory or file, step S26. After the processing steps described aboveare executed, control is passed to the end.

[0065] In addition to the access right checking procedure describedabove, there is also an access right checking procedure for updatingdirectory information such as the one shown in FIG. 13. In the figure,the same reference numeral the flowchart in FIG. 12 is used for a stepin which the same processing as that in the access right checkingprocedure in FIG. 12 is executed to simplify the description. A check ismade if the user is a system administrator, step S10, and, if so, allaccess rights are given and user authentication processing is finished.If the user is not a system administrator (NO), a check is made if thehost terminal has parent directory information on the directory or filethe user is going to access, step S16. If the host terminal has not theparent directory (NO), the file sharing index management functional unit120 is executed to obtain the parent directory information from theindex information file 1244.

[0066] Next, the directory information stored in the host terminal orthe obtained directory information is referenced to check if the user isthe owner of the directory, step S28. If the owner included in thedirectory information matches the user ID of the user as a result ofcomparison (YES), the user is permitted to update the directoryinformation, step S24. If this comparison results in a mismatch (NO),the user is inhibited from updating the directory information, step S26.When the user requests to update directory information, the user isauthenticated as described above to check if the user has the right toupdate the directory information and then the procedure is finished.

[0067] The following describes the sequence of operations on directoriesand files in the distributed file system 10 in which access rightchecking and user authentication are executed as described above. FIG.14 shows the basic sequence of operations on directories and files. Thebasic sequence of operations is executed when a directory created,directory information is updated, or a directory is deleted.

[0068] For convenience of description, the host terminal 16 is used inthe sequence shown in FIG. 14. At time T10, the user enters a requestthrough the keyboard to send a directory operation instruction signal200 to the operation interface processing functional unit 162 a. Inresponse to this signal, the operation interface processing functionalunit 162 a sends out an instruction request signal 202 to the filesharing management functional unit 160 at time T12.

[0069] At time T14, the file sharing management functional unit 160starts checking the access right to the directory. When the file sharingmanagement functional unit 160 finds that there is no directoryinformation in the host terminal 16, it sends out an informationacquisition request signal 204 to the file sharing index managementfunctional unit 120 of the host terminal 12 at time T16 to acquireinformation on the parent directory. At time T18, the file sharing indexmanagement functional unit 120 starts searching for the requested parentdirectory information based on the index information file 1244 in whichindex information is integrally managed. At time T20, the file sharingindex management functional unit 120 sends out an acquisitioninformation signal 206 to the file sharing management functional unit160 to send the parent directory information obtained by the search.

[0070] The file sharing management functional unit 160 checks the accessright based on the parent directory information received at time T22. Ifthe file sharing management functional unit 160 finds, as a result ofchecking, that the user has not the access right obtained from thedirectory information, it sends out a response signal 208 to theoperation interface processing functional unit 162 a at time T24 toindicate that the user has not the access right. After that, theoperation interface processing functional unit 162 a outputs a responsesignal 210 on the user's display 168 at time T26 to indicate that theuser has not the access right. This signal notifies the user that theuser has not the access right.

[0071] If it is found, during access right checking, that the parentdirectory information is stored in the data file 1644 managed by thefile sharing management functional unit 160, the functional unitimmediately checks the access right at time T16. If it is found that theuser has not the access right, control is passed to the responseprocessing executed at time T24 to execute the response processing attimes T24 and T26 described above.

[0072] On the other hand, if it is found that the user has the accessright as a result of access right checking, control is passed from thestage at time T16 or T22 to the stage at T28 where the request isprocessed. In this case, the file sharing management functional unit 160performs processing according to the request indicated by the user and,at time T28, sends out an information notification signal 212 to thefile sharing index management functional unit 120 to notify it of theprocessed directory information. If an operation request is sent at thesame time from a plurality of host terminals to the file sharing indexmanagement functional unit 120 over the network 100, there is apossibility that an incompatible condition will be generated.

[0073] To prevent this incompatible condition from being generated, thefile sharing index management functional unit 120 controls itsconnection to other terminals so that it can communicate with otherterminals, one terminal at a time. In other words, the file sharingindex management functional unit 120 is exclusively controlled in such away that it can communicate only with the host terminal being connected.This exclusive control remains in effect for the period, from time T30to time T32, during which the requested management processing iscompleted and the file sharing index management functional unit 120sends out a response signal 214 to the file sharing managementfunctional unit 160.

[0074] The file sharing management functional unit 160 outputs aresponse signal 216 to the operation interface processing functionalunit 162 a at time T34 to indicate that the requested processing hasbeen completed. After that, the operation interface processingfunctional unit 162 a sends out a response signal 218 to the display 168at time T36. This signal notifies the user that the desired processinghas been completed.

[0075] A more specific example will be described briefly. When the userat the host terminal 16 requests to create a directory in thedistributed file system 10, the host terminal 16 receives the directorycreation request via the operation interface processing functional unit162 a (time T12). The file sharing management functional unit 160 startschecking if the user has the W right that is one of access rights (timeT14)

[0076] If it is found that the user has the W right, the file sharingmanagement functional unit 160 creates directory information before timeT28 arrives, based on the input data supplied from the keyboard 170 viathe operation interface processing functional unit 162 a. At time T28,the file sharing management functional unit 160 sends out the createddirectory information to the file sharing index management functionalunit 120. From time T30 to T32, the file sharing index managementfunctional unit 120 enters the exclusive control mode and adds thereceived directory information to the index information file 1244 as themanagement information to update the index information.

[0077] If it is found at time T16 or T22 that the user has not the Wright, the file sharing management functional unit 160 goes to theprocessing at time T24 and executes the subsequent response processing.

[0078] When the user requests to update directory information, the hostterminal 16 receives the directory information update request via theoperation interface processing functional unit 162 a. In response tothis request, the file sharing management functional unit 160authenticates the user to check if the user has the access right at timeT16 or T22 depending upon whether or not the user owns the directoryinformation. If it is found that the user is the owner of the directoryor a system administrator, the host terminal 16 is given the accessright to update the directory information.

[0079] Before time T28 arrives, the file sharing management functionalunit 160 creates directory information for updating, based on dataentered from the keyboard 170 via the operation interface processingfunctional unit 162 a. At time T28, the file sharing managementfunctional unit 160 sends out the created directory information to thefile sharing index management functional unit 120. From time T30 to T32,the file sharing index management functional unit 120 enters theexclusive control mode, and adds the received directory information tothe index information file 1244 as the management information to updatethe index information.

[0080] The file sharing index management functional unit 120, whichknows which host terminal has a directory to be updated, sends out anotification about the updated directory information to thecorresponding host terminal. This notification is called an eventnotification. The event notification is sent not only when a directoryis updated but also when a directory is deleted, a file is updated, or afile is deleted. The procedure described below may be applied equally todirectory deletion, file updating, and file deletion. Therefore, theprocedure will be described briefly for the three types of processinggiven above with emphasis on the different points among them.

[0081] Assume that the host terminals 18 and 20 each have a directorycorresponding to this event notification. In this case, the file sharingindex management functional unit 120 sends out event notificationsignals 220 and 222 to the host terminals 18 and 20 at times T40 andT44, respectively, to send out the updated directory information asshown in FIG. 15. The file sharing management functional unit 180receives the event notification at time T42 and updates the directoryinformation in the data file 1844 before time T48 arrives. Similarly, afile sharing management functional unit 20 a receives the eventnotification at time T46 and updates the directory information in thedata file, not shown, before time T50 arrives.

[0082] The file sharing management functional unit 180 sends out anupdate notification signal 224 to the file sharing index managementfunctional unit 120 at time T48 to notify it of the updated directoryinformation. Similarly, the file sharing management functional unit 20 asends out an update notification signal 226 to the file sharing indexmanagement functional unit 120 at time T50 to notify it of the updateddirectory information. For example, the file sharing index managementfunctional unit 120 enters the exclusive control mode for the period oftime from T52 to T54 and updates the index information on the hostterminals 18 and 20, which is included in the index information file1244, based on the received update notification signals 224 and 226. Thefile sharing index management functional unit 120 outputs responsesignals 228 and 230 to the host terminal 18 and 20 at times T54 and T56,respectively. When the event notification is generated, the processingsteps executed from time T40 to time T56 update the directoryinformation as described above.

[0083] In the description above, the sequence of processing, that is,event notification, update processing, index information updating, andresponse transmission, is executed first for the host terminal 18 andthen for the host terminal 20. As long as the sequence of proceduresteps are executed for each host terminal in a predetermined order, thehost terminals may be processed in any order.

[0084] When the user requests to delete directory information, the hostterminal 16 receives the directory deletion request via the operationinterface processing functional unit 162 a (time T12). The file sharingmanagement functional unit 160 starts checking if the user has the Wright that is one of access rights (time T14). If it is found that theuser has the W right, the file sharing management functional unit 160deletes the directory information of a directory, which is eitherspecified by the input data supplied from the keyboard 170 via theoperation interface processing functional unit 162 a or indicated by theposition on the display 168 via the mouse 172, before the time T28arrives.

[0085] The file sharing management functional unit 160 sends out thedeleted directory information to the file sharing index managementfunctional unit 120 at time T28. From time T30 to T32, the file sharingindex management functional unit 120 enters the exclusive control modeand deletes the notified directory information, which is the informationto be deleted, from the index information file 1244. The file sharingindex management functional unit 120 also sends out an eventnotification to indicate that the directory has been deleted.

[0086] Basically, the sequence of operations on a file is also executedaccording to the sequence shown in FIG. 14. The file sharing managementfunctional unit 160 executes file storing, search/acquisition (read),update, and deletion processing. When the user requests to store a file,the host terminal 16 receives the file storing request via the operationinterface processing functional unit 162 a. The file sharing managementfunctional unit 160 checks if the user has the W right that is one ofaccess rights. If it is found that the user has not the access right,the file sharing management functional unit 160 outputs the responsesignal 208 to the operation interface processing functional unit 162 aat time T24 to indicate that the user has not the access right. If it isfound that the user has the W right, the file sharing managementfunctional unit 160 stores the file in the data file 1644. At the sametime, the file sharing management functional unit 160 creates fileinformation so that the stored file will be treated as a managemententry. At time T28, the file sharing management functional unit 160sends out the information notification signal 212 to the file sharingindex management functional unit 120 to notify it of the created fileinformation.

[0087] The file sharing index management functional unit 120 enters theexclusive control mode and adds the supplied file information to theindex information file 1244 as a management entry to update the indexinformation. After updating the index information, the file sharingindex management functional unit 120 outputs the response signal 214 tothe file sharing management functional unit 160 at time T32.

[0088] When the user requests to update a file, the host terminal 16receives the file update request via the operation interface processingfunctional unit 162 a. The file sharing management functional unit 160checks if the user has the W right that is one of access rights. If itis found that the user has not the access right, the file sharingmanagement functional unit 160 outputs the response signal 208 to theoperation interface processing functional unit 162 a at time T24 toindicate that the user has not the right.

[0089] If it is found that the user has the W right, the file sharingmanagement functional unit 160 updates the file stored in the data file1644. At this time, the file sharing management functional unit 160creates file information reflecting the update in order to manage theupdated file. Note that the file sharing management functional unit 160may update only original files. The file sharing management functionalunit 160 cannot update a cache file created as a copy of a file. As willbe described later, a cache file may be updated by outputting anacquisition request to the corresponding host terminal in response to anevent notification from the file sharing index management functionalunit 120.

[0090] At time T28, the file sharing management functional unit 160sends out the information notification signal 212 to the file sharingindex management functional unit 120 to notify it of the created fileinformation. The file sharing index management functional unit 120enters the exclusive control mode and updates the index information inthe index information file 1244 with the supplied file information as amanagement entry. After updating the index information, the file sharingindex management functional unit 120 outputs the response signal 214 tothe file sharing management functional unit 160 at time T32.

[0091] The file sharing index management functional unit 120 integrallymanages which host terminal includes a cache file corresponding to anupdated file. Based on this information, the file sharing indexmanagement functional unit 120 sends out an event notification to thehost terminals 18 and 20, which have a cache file corresponding to theupdated file, according to the sequence described above.

[0092] This event notification processing includes an extra sequence ofsteps not included in the sequence in FIG. 15. In this extra sequence,the file sharing management functional units 180 and 20 a each output anacquisition request to the file sharing management functional unit 160to acquire the updated file. In response to the acquisition request, thefile sharing management functional unit 160 outputs the updated fileinformation and updated file to the file sharing management functionalunits 180 and 20 a. In response to the updated file information andupdated file, the file sharing management functional units 180 and 20 aupdate the cache file. The file sharing management functional units 180and 20 a send the update notification signals 224 and 226 to the filesharing index management functional unit 120, respectively, to notify itof the updated file information. The file sharing index managementfunctional unit 120 enters the exclusive control mode and updates theindex information in the index information file 1244 using the fileinformation supplied from the file sharing management functional units180 and 20 a. After updating the index information, the file sharingindex management functional unit 120 outputs the response signals 228and 230 at times T54 and T56, respectively.

[0093] When the user requests to delete a file, the host terminal 16receives the file deletion request via the operation interfaceprocessing functional unit 162 a. The file sharing management functionalunit 160 checks if the user has the W access right that is one of accessrights. If it is found that the user has not the access right, the filesharing management functional unit 160 outputs the response signal 208to the operation interface processing functional unit 162 a at time T24to indicate that the user has not the right. If it is found that theuser has the W right, the file sharing management functional unit 160deletes the file from the data file 1644. The file sharing managementfunctional unit 160 sends out the information notification signal 212 tothe file sharing index management functional unit 120 to indicate thatthe file has been deleted. When a cache file is deleted from the hostterminal 16, the deletion processing is completed when this notificationsignal is sent.

[0094] On the other hand, when an original file of the host terminal 16is deleted, the following processing is further executed. That is, thefile sharing index management functional unit 120 enters the exclusivecontrol mode and deletes the file information, which has been suppliedfrom the file sharing management functional unit 160, from the indexinformation file 1244. The file sharing index management functional unit120, which integrally manages the terminals having a copied cache fileof the deleted file, knows which host terminal has a copied cache fileof the deleted file. Therefore, the file sharing index managementfunctional unit 120 sends out an event notification to those terminals,as in the update processing described above, to cause the file sharingmanagement functional units 180 and 20 a to delete the file informationand the file that have been deleted. In response to the notificationfrom the file sharing management functional units 180 and 20 aindicating that the file information has been deleted, the file sharingindex management functional unit 120 deletes the corresponding fileinformation of the host terminals 18 and 20 from the index informationfile 1244.

[0095] Finally, file search and acquisition (read) will be describedwith reference to FIG. 16. The host terminal 16 receives the operationinstruction signal 200 via the operation interface processing functionalunit 162 a indicating that the user is going to search for a file (timeT10). The operation interface processing functional unit 162 a sends outthe instruction request signal 202 to the file sharing managementfunctional unit 160 to issue a file search request (time T12) The filesharing management functional unit 160 starts checking if the user hasthe R right that is one of access rights (time T14). The file sharingmanagement functional unit 160 checks if the host terminal 16 has thedirectory information on the user.

[0096] If the file sharing management functional unit 160 finds that thehost terminal 16 has not the directory information on the user, the filesharing management functional unit 160 outputs the informationacquisition request signal 204 to the file sharing index managementfunctional unit 120 (time T16) After time T18, the file sharing indexmanagement functional unit 120 searches the index information file 1244for the user's access right list. From T18 to T20, the file sharingindex management functional unit 120 obtains the corresponding directoryinformation, which contains the access right list, from the indexinformation file 1244. The obtained directory information is sent fromthe file sharing index management functional unit 120 to the filesharing management functional unit 160 as the acquisition informationsignal 206 (time T22)

[0097] If the file sharing management functional unit 160 has thedirectory information on the user, the file sharing managementfunctional unit 160 checks at time T16 if the access right includes theR right. Therefore, the file sharing management functional unit 160checks the directory information, which is supplied at time T16 or T22,if the access right includes the R right. If it is found that the accessright does not include the R right, the file sharing managementfunctional unit 160 sends out the response signal 208 to the operationinterface processing functional unit 162 a at time T24 to indicate thatthe user has not the right. In response to the response signal 208, theoperation interface processing functional unit 162 a outputs theresponse signal 210 to the display 168 at time T26.

[0098] If it is found that the access right includes the R right, thefile sharing management functional unit 160 sends out the informationnotification signal 212 to the file sharing index management functionalunit 120 to notify it of the search data supplied from the keyboard 170via the operation interface processing functional unit 162 a. From timeT30 to T32, the file sharing index management functional unit 120 entersthe exclusive control mode as described above and searches the fileinformation stored in the index information file 1244 for the receivedsearch data. The file sharing index management functional unit 120checks if there is file information that matches the search data and, inthis example, finds that the desired file is in the host terminal 18.

[0099] At time T32, the file sharing index management functional unit120 outputs the response signal 214 to the file sharing managementfunctional unit 160 to send the search result. The file sharingmanagement functional unit 160 outputs the response signal 216 to theoperation interface processing functional unit 162 a at time T34, andthe operation interface processing functional unit 162 a outputs theresponse signal 218 at time T36. In this way, the host terminal 16 in avirtually built distributed system can obtain the file search resultquicker than before and display the result on the display 168.

[0100] For example, file acquisition processing is executed after filesearch processing as follows. In this case, the host terminal 16receives a file acquisition instruction via the operation interfaceprocessing functional unit 162 a at time T60. The operation interfaceprocessing functional unit 162 a outputs the file acquisition request tothe file sharing management functional unit 160 at time T62. Uponreceiving this request at time T64, the file sharing managementfunctional unit 160 outputs the information acquisition request signal204 to the host terminal 18, which was found to have the file in thefile search processing described above, to send the file acquisitionrequest.

[0101] Before issuing the file acquisition request, the file sharingmanagement functional unit 160 checks the file path, indicated by thefile search result displayed as the local view, if the data file 1644includes a new directory. If the file search result includes a directorythat was not included in the local view, the file sharing managementfunctional unit 160 also requests the file sharing management functionalunit 180 to acquire directory information corresponding to thedirectory.

[0102] In response to the request received at time T68, the file sharingmanagement functional unit 180 outputs, at time T70, the fileacquisition information signal 206 to the file sharing managementfunctional unit 160 to send the corresponding file information. If thefile sharing management functional unit 160 has also issued a request toacquire the directory information described above, the file sharingmanagement functional unit 180 sends out the acquisition informationsignal 206 including the directory information.

[0103] The file sharing management functional unit 160 caches thesupplied information (time T72). At time T74, the file sharingmanagement functional unit 160 sends out the information notificationsignal 212 to the file sharing index management functional unit 120 toinform it of the acquired information. Of course, if the directoryinformation has also been acquired, this informational so includes thedirectory information. The file sharing index management functional unit120 enters the exclusive control mode and updates the index informationby adding the information, newly acquired for the host terminal 16, tothe index information file 1244 from time T76 to time T78. The filesharing index management functional unit 120, file sharing managementfunctional unit 160, and operation interface processing functional unit162 a output the response signals 214, 216, and 218 at times T78, T80,and T82, respectively.

[0104] Because file search processing is followed immediately by fileacquisition processing in the description above, the access right ischecked only once. If the processing is executed independently insteadof being executed continuously, the access right must be checked oncefor each processing. When only the file read operation is executed inthe distributed file system 10, the access right checking processing,access control processing, and exclusive control processing must also beexecuted as described above.

[0105] As described above, the system integrally manages files, whichare treated virtually as distributed files in each case, based on theindex information. As compared with a system in which file creation,updating, deletion, search, and acquisition are executed by checking theaccess right at each application level, this system greatly reduces thetime required for processing.

[0106] The distributed file system 10, with the configuration describedabove, stores index information on the shared files in the file sharingindex management functional unit 120 and, based on the indexinformation, manages the files according to the access right. Therefore,even if one of the host terminals 16, 18, and so on, that is used by theuser has not the desired directory information, the access right may beobtained from the file sharing index management functional unit 120without having to access each host terminal. Local management of filesby the file sharing management functional unit (160, 180, and so on) ofthe host terminal (16, 18 and so on) minimizes the access to the hostterminal (16, 18, and soon) necessary before the completion ofprocessing and, therefore, requires shorter processing time than before.This means that the distributed file system 10 is easy to use.

[0107] In addition, the file sharing index management functional unit120 integrally manages the directory information owned by the hostterminals for use in checking access rights. This configurationeliminates the need for accessing the file sharing index managementfunctional unit 120 when the access right to a cached file is checked,thus increasing the efficiency of cache files stored in each hostterminal and increasing distributed file processing efficiency.

[0108] In particular, when the access right is changed, the access rightis updated for all host terminals in which the changed directory iscached. Therefore, the access rights in the system are kept consistent

[0109] The entire disclosure of Japanese patent application No.2001-362287 filed on Nov. 28, 2001, including the specification, claims,accompanying drawings and abstract of the disclosure is incorporatedherein by reference in its entirety.

[0110] While the present invention has been described with reference tothe particular illustrative embodiment, it is not to be restricted bythe embodiment. It is to be appreciated that those skilled in the artcan change or modify the embodiment without departing from the scope andspirit of the present invention.

What is claimed is:
 1. A distributed file sharing system comprisingterminals acting as host terminals connected to a network and managingfiles, each of which contains a collection of data, stored belowdirectories each indicating a position in a hierarchical structure,wherein at least one of said host terminals acts in the network as aglobal management functional block managing all index information, theindex information including access right information representative ofright to access directories and files relating to sharing, each of saidhost terminals including a file sharing management functional blockmanaging the files and the directories shared by said host terminals, aswell as the files locally for each host terminal, said file sharingmanagement functional block setting and managing the access rightinformation on directories used in managing the files.
 2. The system inaccordance with claim 1, wherein said global management functional blockmanages the index information including the access right information onall the directories for use in managing the files.
 3. The system inaccordance with claim 2, wherein said global management functional blockcontrols a reference and update of the index information.
 4. The systemin accordance with claim 3, wherein at least one of said host terminalsincludes a user management functional block storing permissioninformation on access to said host terminals as user information andmanaging access permission by authenticating the user information. 5.The system in accordance with claim 4, wherein said host terminals have,in a cache, a copy of a shared file managed by the index information ofsaid global management functional block and a copy of the access rightinformation owned by a parent directory of the file in the cache.
 6. Thesystem in accordance with claim 5, wherein said file sharing managementfunctional block notifies said global management functional block of anupdate of the access right information executed locally, said globalmanagement functional block in one of said host terminals notifyingremaining ones of said host terminals, in which the access rightinformation is stored, of the update of the access right information. 7.The system in accordance with claim 6, wherein the access rightinformation is of a format variable in length.
 8. The system inaccordance with claim 7, wherein the access right information includesread right, write right, or a combination of read and write rights forstored user names and group names.
 9. The system in accordance withclaim 8, wherein the read right includes a permission of a reading of afile name or a directory name directly below the directory, a searchthrough the file, a creation of the file in the cache, and a reading ofthe file.
 10. The system in accordance with claim 8, wherein the writeright includes a permission of an addition of a file or a directorydirectly below the directory, an update or deletion of the file, and adeletion of the directory.
 11. The system in accordance with claim 8,wherein the combination of read and write rights includes: a permissionof a reading of a file name or a directory name directly below thedirectory, a search through the file, a creation of the file in thecache and a reading of the file; an addition of a file or a directorydirectly below the directory; an update or deletion of the file; and adeletion of the directory
 12. A method of controlling access to files ina distributed file sharing system, comprising the steps of: preparinghost terminals connected to a network and managing files, each of whichcontains a collection of data, stored below directories each indicatinga position in a hierarchical structure; receiving by one of the hostterminals an operation request for information on either one of thedirectory and the file; issuing an access request to a target to bemanaged in response to the operation request from the one host terminal;checking, in response to the access request, whether or not a user hasan access right to access the target right to issue the access requestbased on collectively managed access rights; processing the informationassociated with the access request when the user has the access right;issuing a response, when the user does not have the access right,indicating that the processing requested by the access request will notbe performed; processing index information including the access rightfor each of the host terminals as the target to be managed; andproviding the host terminal operated with a response signal associatedwith the index information processed.
 13. The method in accordance withclaim 12, wherein the access right includes read right, write right, ora combination of read and write rights for stored user names and groupnames.
 14. The method in accordance with claim 13, wherein the readright includes a permission of a reading of a file name or a directoryname directly below the directory, a search through the file, a creationof the file in a cache, and a reading of the file.
 15. The method inaccordance with claim 13, wherein the write right includes a permissionof an addition of a file or a directory directly below the directory, anupdate or deletion of the file, and a deletion of the directory.
 16. Themethod in accordance with claim 13, wherein the combination of read andwrite rights include: a permission of a reading of a file name or adirectory name directly below the directory, a search through the file,a creation of the file in the cache, a reading of the file; an additionof a file or a directory directly below the directory; an update ordeletion of the file; and a deletion of the directory.
 17. The method inaccordance with claim 12, wherein said step of checking comprises thesubsteps of: checking, when the user accesses the host terminal, whetheror not the user is a system administrator managing the network;permitting access right to operate all the files if the user is thesystem administrator as a result of said substep of checking; obtainingaccess right assigned to a group, to which the user belongs, if the useris not the system administrator as a result of the checking; checkingwhether or not the host terminal on which the user is operating hasparent directory information containing information on a target to beaccessed; obtaining the parent directory information from the indexinformation on the files, including the directory, if there is no parentdirectory information; and checking the access right included in theparent directory information and permitting or inhibiting the accessright, depending upon a result of the checking of the access right. 18.The method in accordance with claim 14, wherein said step of checkingcomprises the substeps of: checking, when the user accesses the hostterminal, whether or not the user is a system administrator managing thenetwork; permitting access right to operate all the files if the user isthe system administrator as a result of said substep of checking;obtaining access right assigned to a group, to which the user belongs,if the user is not the system administrator as a result of the checking;checking whether or not the host terminal on which the user is operatinghas parent directory information containing information on a target tobe accessed; obtaining the parent directory information from the indexinformation on the files, including the directory, if there is no parentdirectory information; and checking the access right included in theparent directory information and permitting or inhibiting the accessright, depending upon a result of the checking of the access right. 19.The method in accordance with claim 15, wherein said step of checkingcomprises the substeps of: checking, when the user accesses the hostterminal, whether or not the user is a system administrator managing thenetwork; permitting access right to operate all the files if the user isthe system administrator as a result of said substep of checking;obtaining access right assigned to a group, to which the user belongs,if the user is not the system administrator as a result of the checking;checking whether or not the host terminal on which the user is operatinghas parent directory information containing information on a target tobe accessed; obtaining the parent directory information from the indexinformation on the files, including the directory, if there is no parentdirectory information; and checking the access right included in theparent directory information and permitting or inhibiting the accessright, depending upon a result of the checking of the access right. 20.The method in accordance with claim 16, wherein said step of checkingcomprises the substeps of: checking, when the user accesses the hostterminal, whether or not the user is a system administrator managing thenetwork; permitting access right to operate all the files if the user isthe system administrator as a result of said substep of checking;obtaining access right assigned to a group, to which the user belongs,if the user is not the system administrator as a result of the checking;checking whether or not the host terminal on which the user is operatinghas parent directory information containing information on a target tobe accessed; obtaining the parent directory information from the indexinformation on the files, including the directory, if there is no parentdirectory information; and checking the access right included in theparent directory information and permitting or inhibiting the accessright, depending upon a result of the checking of the access right. 21.The method in accordance with claim 17, further comprising after saidsubsteps of: obtaining the parent directory information the substep ofchecking whether or not the user is an owner of the directory; passing,if the user is the owner, control to said substep of checking the accessright; and inhibiting the access right and terminating control if theuser is not the owner.
 22. The method in accordance with claim 18,further comprising after said substeps of: obtaining the parentdirectory information the substep of checking whether or not the user isan owner of the directory; passing, if the user is the owner, control tosaid substep of checking the access right; and inhibiting the accessright and terminating control if the user is not the owner.
 23. Themethod in accordance with claim 19, further comprising after saidsubsteps of: obtaining the parent directory information the substep ofchecking whether or not the user is an owner of the directory; passing,if the user is the owner, control to said substep of checking the accessright; and inhibiting the access right and terminating control if theuser is not the owner.
 24. The method in accordance with claim 20,further comprising after said substeps of: obtaining the parentdirectory information the substep of checking whether or not the user isan owner of the directory; passing, if the user is the owner, control tosaid substep of checking the access right; and inhibiting the accessright and terminating control if the user is not the owner.
 25. Themethod in accordance with claim 12, wherein said fifth step is executedby the host terminal from which the access request was issued, one hostterminal at a time.
 26. The method in accordance with claim 22, whereinsaid step of processing the index information is executed by the hostterminal from which the access request was issued, one host terminal ata time.
 27. The method in accordance with claim 23, wherein said step ofprocessing the index information is executed by the host terminal fromwhich the access request was issued, one host terminal at a time. 28.The method in accordance with claim 24, wherein said step of processingthe index information is executed by the host terminal from which theaccess request was issued, one host terminal at a time.